From: jenna (jennasec-focus@yahoo.co.uk)
Date: Fri Aug 31 2007 - 08:52:45 EDT
The other suggestion I would make would be to diversify. I mainly write policies & procedures, review them (internal audits are now called reviews...) and make improvements but I still have to understand the pen test results, approve changes to the infrastructure, suggest, implement and follow up changes to processes. I might not be particularly good at vulnerability scanning but I make sure I can still do it. We are fortunate to be in security where there are so many different channels so read info sec papers and be ready for the next big thing. I have CDs on my desk which guarantee ISO: 27001 certification; implement a SAM solution; manage risks, etc. We are a part of MIS, IT, IS or whatever it's going to be called next - the name changes, the structure changes. What's new and exciting today will be automated tomorrow, be prepared.
Jenna
----- Original Message ----
From: "shyaam@gmail.com" <shyaam@gmail.com>
To: pen-test@securityfocus.com
Sent: Thursday, 30 August, 2007 10:50:41 PM
Subject: Re: Penetration tester or Ethical hacker future?
I am not experienced at all, but I did understand the "overall" of any market.
Human beings freak out if they will lose the jobs due to automation and scientific inventions. There are tons of people who become unemployed everyone and there are tons of them who get hired somewhere else the next day. So, it is always a fluctuating market. Secondly, automation is not only to make life easier but on a business outcome, the main motive of a businessman is to finish a given task as quick as possible in the most efficient manner using leadership and management competencies as skills and doing things in an optimal fashion so as to complete the task and give the clients what has been promised to them over a RFQ or in many other ways.
Ever since the invention of lamps, people who were lighting up the street lights might have worried if they will have a job due to the one switch of a button. Ever since the invention of motor vehicles, people who were pulling carts and giving horse rides might have worried if their market might go down, which is of course true. But then if the guy who knows how to light the lamps, learns how to turn on the switches and drive the electricity to the required regions (called electrician) and the person who knows how to ride a cart with his horses knows how to turn the steering, he becomes a taxi cab driver.
GIST: Foundations always remain the same. Knowing tools and latest skills will help survive, but in this field of Information Security, people generally tend to do latest stuff and expect so much in return. The thing is, they do get returns from the field, but many people do not give back anything to the field.
Try always getting stronger in the foundational skills, know how the tools and pentesting kits are being made and try creating your own kits (that is not reinventing the wheel), or try extending the existing stuff. Then try to see why many existing systems and software are vulnerable, again more than tools use your foundational skills as they never change. Then try doing something for the field that gave you your job, money and what not.
"When people pay so much to secure their stuff, then we better make sure that they are secured" - Dan Kaminsky (or maybe someone else quoted before him), but anyways, try to do something for the "Security" community that helps the community as well as your learning skills while doing stuff. In these ways, you need not worry that your job will be gone whether it is automation or any other stuff. You will be known and you will know your stuff.
Cheers!!!
Shyaam
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:05 EDT